Package: gparted
Version: 0.25.0-1+b1
Severity: normal

Dear Maintainer,

for some operations, gparted mounts partitions under /tmp/gparted-XXXXXX
without any protection against access. This makes these partitions
potentially accessible to other users on the system while the operation runs.

   * What led up to the situation?

Resizing a btrfs partition.

   * What was the outcome of this action?

While resizing, the partition was mounted under /tmp/gparted-BSeLY6,
accessible to all users, potentially allowing other users to read or write
the data:

drwxr-xr-x 1 root root 44 Dec  6 08:20 /tmp/gparted-BSeLY6

   * What outcome did you expect instead?

The partition data would not be accessible to other users.

A somewhat simple fix would be to create a directory only accessible for
the current user with a mountpoint inside, e.g., something like:

drwxr----- 1 root root 44 Dec  6 08:20 /tmp/gparted-BSeLY6
drwxr-xr-x 1 root root 44 Dec  6 08:20 /tmp/gparted-BSeLY6/realmountpoint


-- System Information:
Debian Release: 9.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 4.18.20-041820-generic (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages gparted depends on:
ii  libatkmm-1.6-1v5      2.24.2-2
ii  libc6                 2.27-8
ii  libgcc1               1:8.2.0-10
ii  libglib2.0-0          2.58.1-2
ii  libglibmm-2.4-1v5     2.50.0-1
ii  libgtk2.0-0           2.24.31-2
ii  libgtkmm-2.4-1v5      1:2.24.5-1
ii  libpangomm-1.4-1v5    2.40.1-3
ii  libparted-fs-resize0  3.2-17
ii  libparted2            3.2-17
ii  libsigc++-2.0-0v5     2.10.0-1
ii  libstdc++6            8.2.0-10
ii  libuuid1              2.29.2-1+deb9u1

gparted recommends no packages.

Versions of packages gparted suggests:
pn  dmraid         <none>
ii  dmsetup        2:1.02.137-2
ii  dosfstools     4.1-1
ii  gpart          1:0.3-3
pn  jfsutils       <none>
ii  kpartx         0.6.4-5+deb9u1
ii  mtools         4.0.18-2+b1
ii  ntfs-3g        1:2016.2.22AR.1+dfsg-1
ii  reiser4progs   1.1.0-3
ii  reiserfsprogs  1:3.6.25-4+b1
ii  xfsprogs       4.9.0+nmu1
ii  yelp           3.22.0-1

-- no debconf information
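
The layout suggested in the report (a parent directory only its owner can enter, with the real mount point nested inside), as an added shell example that is not part of the original report or of gparted's code. The function names, the `realmountpoint` directory name taken from the listing above, and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not gparted code): private parent + nested mount point.

# Create <base>/gparted-XXXXXX with mode 0700 and a "realmountpoint"
# directory inside it. Prints the inner path, which is the one that
# would be passed to mount(8). Base defaults to $TMPDIR or /tmp.
make_private_mountpoint() {
    _base=${1:-${TMPDIR:-/tmp}}
    # mktemp -d creates the directory atomically under a random name.
    _parent=$(mktemp -d "$_base/gparted-XXXXXX") || return 1
    # Set 0700 explicitly so the guarantee does not depend on the
    # mktemp implementation or the caller's umask.
    chmod 0700 "$_parent" || return 1
    # The inner directory may be world-readable: once a filesystem is
    # mounted here its own root permissions apply anyway, but nobody
    # can get to it without search permission on the parent.
    mkdir -m 0755 "$_parent/realmountpoint" || return 1
    printf '%s\n' "$_parent/realmountpoint"
}

# Audit helper: walk from directory $1 up to (not including) directory $2
# and check the group/other search (x) bits of every component.
# Returns 0 if every component is searchable by some non-owner (exposed),
#         1 if at least one component blocks all non-owners (protected),
#         2 if a component cannot be inspected.
# This is conservative: it reports "exposed" whenever each level grants
# search permission to group or other. Requires GNU stat (-c %a).
others_can_reach() {
    _dir=$1
    while [ "$_dir" != "$2" ] && [ "$_dir" != "/" ]; do
        _mode=$(stat -c %a "$_dir") || return 2
        # Leading 0 makes the shell read the mode as octal; 011 = g+x | o+x.
        [ $(( 0$_mode & 011 )) -ne 0 ] || return 1
        _dir=$(dirname "$_dir")
    done
    return 0
}
```

Calling `others_can_reach "$mp" /tmp` on an existing mount point returns 0 when nothing on the path below /tmp keeps non-owners out, which is the situation the report describes.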
